Apple Sued Over Not Letting Customers Disable Two-Factor Authentication After Two Weeks

New York resident Jay Brodsky has filed a frivolous class action lawsuit against Apple, alleging that the company's so-called "coercive" policy of not letting customers disable two-factor authentication beyond a two-week grace period is both inconvenient and violates a variety of California laws.

The complaint alleges that Brodsky "and millions of similarly situated consumers across the nation have been and continue to suffer harm" and "economic losses" as a result of Apple's "interference with the use of their personal devices and waste of their personal time in using additional time for simple logging in."

In a support document, Apple says it prevents customers from turning off two-factor authentication after two weeks because "certain features in the latest versions of iOS and macOS require this extra level of security":

If you already use two-factor authentication, you can no longer turn it off. Certain features in the latest versions of iOS and macOS require this extra level of security, which is designed to protect your information. If you recently updated your account, you can unenroll for two weeks. Just open your enrollment confirmation email and click the link to return to your previous security settings. Keep in mind, this makes your account less secure and means that you can't use features that require higher security.

The complaint is riddled with questionable allegations, however, including that Apple released a software update around September 2015 that enabled two-factor authentication on Brodsky's Apple ID without his knowledge or consent. Apple in fact offers two-factor authentication on an opt-in basis.

Brodsky also claims that two-factor authentication is required each time you turn on an Apple device, which is false, and claims the security layer adds an additional two to five minutes or longer to the login process when it in fact only takes seconds to enter a verification code from a trusted device.

The complaint goes on to allege that Apple's confirmation email for two-factor authentication enrollment containing a "single last line" alerting customers that they have a two-week period to disable the security layer is "insufficient."

Brodsky accuses Apple of violating the U.S. Computer Fraud and Abuse Act, California's Invasion of Privacy Act, and other laws. He, on behalf of others similarly situated, is seeking monetary damages as well as a ruling that prevents Apple from "not allowing a user to choose its own logging and security procedure." Read the full document.

To be clear, I do think two-factor authentication is much more secure (obviously). But I hate that Apple is so determined to force its users into using it. If someone doesn't want it then they have the right to disable it. Plain and simple. Our devices and accounts should be ours to control.

New York resident Jay Brodsky has filed a frivolous class action lawsuit against Apple, alleging that the company's so-called "coercive" policy of not letting customers disable two-factor authentication beyond a two-week grace period is both inconvenient and violates a variety of California laws.

Without commenting on the merits of this case, I'd prefer that the MacRumors team not editorialize like this. Leave that to the pundits. Share the facts and leave it at that.

I’m just going to sue apple for feature requests now. The phone icon is prejudiced against young people who aren’t familiar with what a telephone looks like. It’s ageist and insensitive. Now give us all three cents for the emotional damage this has caused us.

MacRumors attracts a broad audience
of both consumers and professionals interested in
the latest technologies and products. We also boast an active community focused on
purchasing decisions and technical aspects of the iPhone, iPod, iPad, and Mac platforms.